Permalink
Switch branches/tags
Nothing to show
Commits on Feb 21, 2017
  1. rebar: enable warnings

    msantos committed Feb 21, 2017
Commits on Feb 20, 2017
  1. makefile: fix all target

    msantos committed Feb 20, 2017
Commits on Oct 6, 2016
Commits on Oct 1, 2016
  1. Add type specs

    msantos committed Oct 1, 2016
Commits on Sep 28, 2016
  1. Convert to rebar3

    msantos committed Sep 28, 2016
Commits on Aug 10, 2012
Commits on Aug 9, 2012
  1. sut_fw: return error from filter fun

    msantos committed Aug 9, 2012
    If the filter dropped the packet (returned anything other than ok), the
    firewall process would crash, rather than returning the value to the
    caller.
  2. Correct the error fun

    msantos committed Aug 9, 2012
Commits on Aug 3, 2012
  1. Clean up README, add examples

    msantos committed Aug 3, 2012
Commits on Apr 6, 2012
  1. Update record member name

    msantos committed Apr 6, 2012
  2. Let the caller handle send errors

    msantos committed Apr 6, 2012
    For the moment, ignore any send errors in both directions. Error messages
    are printed to the shell if there is an error (badmatch).
    
    Likely the caller wants the tunnel to stay up for transient issues, for
    example if the interface goes down ({error,enetunreach}) and might come
    up again. In the case of fatal issues (bad fd, ...), we should shutdown
    the tunnel.
    
    There are 2 problems:
    
    * the message flow will not be in one direction, e.g.,
    
        socket -> filter -> tun
    
      Instead the filter would call into the socket/tun and shut down the
      gen_server killing the tunnel. This makes the system hard to
      understand.
    
    * tuncer:send/2 is a wrapper around erlang:port_command/2. Not sure what
      values it returns. The documentation says badarg. tuncer wraps the
      port_command in a try/catch and returns an error tuple.
    
      gen_udp:send returns {error, posix()}. tuncer should do the same.
  3. Allow the user to arbitrarily change the packet

    msantos committed Apr 6, 2012
    Rename the filter function record members and allow the functions to
    return a new IPv6 packet.
Commits on Apr 2, 2012
  1. Convert packet header to proplist for debugging

    msantos committed Apr 2, 2012
    Idea stolen from klaar's cowboy commit:
    
    klaar/cowboy@5e30ffb
Commits on Apr 1, 2012
  1. Add a stateless firewall as an example

    msantos committed Apr 1, 2012
    Trivial stateless firewall: blocks UDP, allows TCP ports 22, 80 and 443
    and all ICMP6 packets.
  2. Add IPv6 firewall rules

    msantos committed Apr 1, 2012
  3. Reorder validation check

    msantos committed Apr 1, 2012
Commits on Mar 29, 2012
  1. Erlang userspace 6in4 tunnel

    msantos committed Mar 29, 2012